SlideShare uma empresa Scribd logo

Puppet Camp Melbourne 2014: Puppet and a DevOps Journey (Beginner)

Puppet
Puppet

Keith Ferguson, Australia & New Zealand Banking Group

Software
1 de 43
Baixar para ler offline
Classification: Public Puppet and A DevOps Journey Keith Ferguson Puppet Camp Melbourne 2014
TODAY Who am I? What is ANZ GCIS? Our challenges Our approach Lessons Learnt (a.k.a. Things I Wish We Knew at the Beginning) Storing sensitive information in Hiera Classification: Public 2
WHAT IS ANZ GCIS Classification: Public 3 Global Customer Integration Solution
WHAT IS ANZ GCIS $30.00 Billion $25.00 $20.00 $15.00 $10.00 $5.00 Classification: Public 4 350% 300% 250% 200% 150% 100% 50% 0% Customer Growth Oct-12 Oct-13 $- Value Processed Oct-12 Oct-13
GCIS DEVELOPMENT – MARCH 2014 4 teams, ~40 people Windows Server / .NET / IIS / Microsoft SQL ~50 servers across 5 environments (Prod/DR + 4 non-prod environments) Agile (scrum) Supporting Tools: Git Atlassian: Bamboo, Stash, Jira, Confluence Powershell RDP & Elbow Grease Classification: Public 5
GCIS DEVELOPMENT – MARCH 2014 Things We Did Well CI & Deployment Automation – ~8k builds, 2.5k non-prod deploys / month Test Automation – On commit & nightly for all channels Delivering change to our existing channels Classification: Public 6 9 8 7 6 5 4 3 2 1 0 Production Releases Jan Feb Mar Apr May Jun Jul Aug Sep Oct
GCIS DEVELOPMENT – MARCH 2014 Things We Needed To Do Better Management of complexity — Dependencies and change Delivery of new channels — Infrastructure & configuration of application containers 3rd level support & ops Classification: Public 7
CHALLENGE 1 — DEPENDENCIES & CHANGE Classification: Public UAT ENVIRONMENT 8 3 2 1 We Had:
CHALLENGE 1 — DEPENDENCIES & CHANGE PROJECT 1 PROJECT 2 PROJECT 3 Classification: Public 9 We Needed:
CHALLENGE 2 — GROWTH IN CHANNELS 10 5 Classification: Public 10 0 2012 2013 2014 2015
CHALLENGE 3 — 3RD LEVEL OPS Little to no production access No broad knowledge of production infrastructure Heavy reliance on key team members Far removed from incidents Classification: Public 11
Classification: Public 12 APPROACH APPLICATION INSIGHT CENTRALIZED LOGGING CONFIGURATION MANAGEMENT
OUR APPROACH Puppet Enterprise vs. Open Source Classification: Public
OUR APPROACH 1. Dedicate somebody 2. Spike it, try to understand it Classification: Public 14
OUR APPROACH Classification: Public 15 https://docs.puppetlabs.com/pe/latest/images/puppet/pe-configuration-data.png
OUR APPROACH 1. Dedicate somebody 2. Spike it, try to understand it 3. Identify the right questions 4. Training for a core group – Puppet Fundamentals 5. Implement the framework 6. Expand usage across team Classification: Public 16
ROLES & PROFILES Puppet Is Code. Abstractions Matter A node has one role A role is composed of one or more profiles Profiles are composed of module declarations Craig Dunn: https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern Classification: Public 17
ROLES & PROFILES Classification: Public 18 site.pp wordpress.pp db.pp node wp { include role::wordpress } class role::wordpress { include profile::db include profile::db::php include profile::wordpress } class profile::db { class { 'mysql::server': Adapted from https://github.com/hunner/roles_and_profiles config_hash => { 'root_password' => '8ZcJZFHs...' } } } class role::wordpress_web { include profile::wordpress } class role::wordpress_db { include profile::db include profile::db::php } site.pp node wp_web { include role::wordpress_web } node wp_db { include role::wordpress_db } roles
CLASSIFICATION Site.pp Classification: Public 19 node 'www1.example.com’, 'www1.example.com' { include profile::common include profile::apache } node /^(foo|bar)d+.example.com$/ { include profile::common }
CLASSIFICATION AT THE NODE Define a role Fact 2 site.pp Classification: Public 20 1 node default { } include $::role On the node: puppet config set role ‘role::some_role’ Or remotely: Invoke-Command –ComputerName c1,c2 –ScriptBlock {puppet config set role ‘role::some_role’} 3 CON > Not secure for multi-tenant environments > Node classification is not version controlled PRO > Simple & flexible > Great for dynamic environments
PACKAGING ON WINDOWS Like Yum/Apt-Get for Windows, Powered by NuGet & Powershell Classification: Public 21 https://chocolatey.org
PACKAGING ON WINDOWS $chocolatey_package_list = [ ] package { $chocolatey_package_list: } Classification: Public 22 Chocolatey Package Provider for Puppet: 'powershell4', 'DotNet4.5', 'git.install', ensure => installed, provider => 'chocolatey', https://forge.puppetlabs.com/rismoney/chocolatey
PACKAGING ON WINDOWS Classification: Public 23 Constraints No internet access Trust Package availability
PACKAGING ON WINDOWS Package1 |--- Package1.nuspec |--- ChocolateyInstall.ps1 |--- ChocolateyUninstall.ps1 Package2 |--- Package2.nuspec |--- ChocolateyInstall.ps1 |--- ChocolateyUninstall.ps1 Classification: Public 24 Binaries Archive IIS nuget feed Install-ChocolateyPackage ... -checksum 'EE01FC4110C73A8E5EFC7CABDA0F5FF7'
R10K IS KEY TO WORKFLOW Do you want? Multiple environments from a single puppet master Dynamic environments eg from feature branches Declarative management of puppet modules: Puppetfile If so you want r10k: https://github.com/adrienthebo/r10k ‘Smarter Puppet deployment, powered by killer robots’ Classification: Public 25 forge "https://forge.puppetlabs.com" mod 'puppetlabs-ntp', "0.0.3” mod 'puppetlabs-apt', :git => "git://github.com/puppetlabs/puppetlabs-apt.git"
R10K DEPLOYMENT Classification: Public 1. Repository Trigger 2. Webhook to r10k 3. git: fetch branch to puppet master
GOVERNANCE Trust, but verify: Code Minimum approvers policy for PRs Pull request please plugin: Workzone plugin: - PR reviewer addition via policy (Users + Groups) - Automated un-approval on PR change Classification: Public 27 ____ _ _ ____ _ ___ _ | _ _ _ | || | | _ ___ __ _ _ _ ___ ___ | |_ |__ | | | |_) || | | || || | | |_) | / _ / _` || | | | / _ / __|| __| / /| | | __/ | |_| || || | | _ < | __/| (_| || |_| || __/__ | |_ |_| |_| |_| __,_||_||_| |_| _ ___| __, | __,_| ___||___/ __| (_) (_) |_| Please raise a pull request to merge code to this branch.
GOVERNANCE Trust, but verify: Deployment Classification: Public 28
R10K & PUPPETFILE Challenge: Puppetfile functionality runs on the master Master needs to download modules from somewhere Master has no internet access Trust Classification: Public 29
R10K MODULE WORKFLOW acidprime/r10k * master Classification: Public devops/r10k Puppetfile mod 'r10k', * gcis-master / * master :git => 'ssh://git@stash/r10k.git', :ref => 'gcis-master'
WHEN IS AN ENVIRONMENT NOT AN ENVIRONMENT Do you want to stage the rollout of puppet code across Production? If yes: production is not a puppet environment, it’s an application environment (tier) Puppet environments exist to apply different revisions of code to different nodes Application environments are how you want to configure (hiera) your code Classification: Public 31 |-- prod_a.yaml |-- prod_b.yaml |-- dr_a.yaml |-- dr_b.yaml Problem: Hiera: "%{environment}” Solution: Custom fact ‘tier’: puppet config set tier ‘production’ Hiera: "%{::tier}" |-- production.yaml |-- uat.yaml |-- sit.yaml |-- st.yaml http://garylarizza.com/blog/2014/03/26/random-r10k-workflow-ideas/
USE PUPPET TO MANAGE PUPPET Example: Hiera.yaml Classification: Public 32 --- :backends: - yaml :logger: console :hierarchy: - "nodes/%{::clientcert}" - "%{environment}" - global :yaml: :datadir: /etc/puppetlabs/puppet/hiera/%{environment}/
USE PUPPET TO MANAGE PUPPET Example: Hiera.yaml via Puppet – https://forge.puppetlabs.com/hunner/hiera Classification: Public 33 class { '::hiera': backends => ['yaml’], datadir => '/etc/puppetlabs/puppet/hiera/%{environment}/', hierarchy => [ 'servers/%{::clientcert}’, '%{environment}’, 'global', ], }
USE PUPPET TO MANAGE PUPPET Classification: Public 34 Example: Install & configure r10k - https://forge.puppetlabs.com/zack/r10k class profile::puppet::master { class { 'r10k': version => '1.3.1', sources => { 'puppet' => { 'remote' => 'ssh://git@stash/puppet.git', 'basedir' => "${::settings::confdir}/environments", 'prefix' => false, }, 'hiera' => { 'remote' => 'ssh://git@stash/hiera.git', 'basedir' => "${::settings::confdir}/hiera", 'prefix' => false, }, }, purgedirs => ["${::settings::confdir}/environments", "${::settings::confdir}/hiera" ], manage_modulepath => true, modulepath => "${::settings::confdir}/environments/$environment/modules:${::settings::… mcollective => true, } }
STORING SENSITIVE INFORMATION IN HIERA Hiera-eyaml: https://github.com/TomPoulton/hiera-eyaml /etc/puppetlabs/puppet/hiera.yaml Classification: Public 35 --- :backends: - eyaml :eyaml: :datadir: /etc/puppet... :extension: "yaml" :pkcs7_private_key: "/etc/..." :pkcs7_public_key: "/etc/..." /etc/puppetlabs/puppet/hiera/prod.yaml --- profile::my_app::app_secret: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoII BejCCAXYCAQAxggEhMIIBHQIBADAFMAAC AQEwDQYJKoZIhvcNAQEBBQAEggEAWLZRf TW8YxvCOf4akyxYdBV5m2AdF+HF85Cz lqw8qQNKW9oMqktgyaoNzOMGufr0rp2BO zrdQ+/z3bmQ9HPK2qqJ1k/n/jX9 D5lf5ReEKj5VnhnLblbLyI5HCfLbR...]
STORING SENSITIVE INFORMATION IN HIERA /etc/puppetlabs/puppet/hiera.yaml Classification: Public 36 0000 + --- :backends: - eyaml :eyaml: :datadir: /etc/puppet... :extension: "yaml" :pkcs7_private_key: "/etc/..." :pkcs7_public_key: "/etc/..." /etc/puppetlabs/puppet/hiera/prod.yaml --- profile::my_app::app_secret: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoII BejCCAXYCAQAxggEhMIIBHQIBADAFMAAC AQEwDQYJKoZIhvcNAQEBBQAEggEAWLZRf TW8YxvCOf4akyxYdBV5m2AdF+HF85Cz lqw8qQNKW9oMqktgyaoNzOMGufr0rp2BO zrdQ+/z3bmQ9HPK2qqJ1k/n/jX9 D5lf5ReEKj5VnhnLblbLyI5HCfLbR...]
STORING SENSITIVE INFORMATION IN HIERA Classification: Public 37 Hardware Security Module (HSM) Provides network based FIPS 140-2 Level 3 secure cryptographic services Puppet Integration: Custom hiera eyaml encryptor: https://github.com/acidprime/hiera-eyaml-pkcs11 Operates in two modes: Native pkcs11 or OpenSSL CHIL RSA encryption – Private key is protected by HSM, public key is committed to version control Native mode will not work in PE >= 3.4 due to jruby Currently limited by RSA block size
hiera-eyaml-pkcs11 Classification: Public 38
SUMMARY Roles & Profiles Pattern Classification at the node Chocolatey for packaging on Windows Use r10k & build a good workflow, governance included Puppet environments aren’t application environments Use Puppet to manage puppet The community is excellent, use it Storing sensitive information in hiera – This is a risk weighted decision Classification: Public 39
WHERE ARE WE NOW > Started in March > Appdynamics, Splunk & Puppet all operational > Deployed & configured AD + Splunk agents via Puppet & Chocolatey (and upgraded since) > Functional vagrant workflow integrated with vmware through the vagrant-vsphere plugin > Puppet framework is stable, expanding use to broader team > On-demand testing environments are a WIP Classification: Public 40
THANKS My Team — Dylan Ratcliffe — William Gaunt — Laith Murad GCIS Infrastructure Team — Lee Murphy — Sathish Kannan Brett Gray & Zack Smith Gary Larizza & Craig Dunn Rob Reynolds Classification: Public 41
LINKS & INFORMATION Contact Info: keith.ferguson@anz.com; linkedin.com/in/keithferguson Tools r10k - https://github.com/adrienthebo/r10k – read the docs not just the readme r10k configuration module - https://github.com/acidprime/r10k hiera eyaml - https://github.com/TomPoulton/hiera-eyaml hiera eyaml pkcs11 backend - https://github.com/acidprime/hiera-eyaml-pkcs11 Reading / Learning Gary Larizza – http://garylarizza.com/ – Building a functional puppet workflow series is great Rob Nelson Puppet for vSphere Admins – http://rnelson0.com/puppet-for-vsphere-admins/ Crag Dunn’s Roles & Profiles Pattern Talk – https://puppetlabs.com/presentations/ designing-puppet-rolesprofiles-pattern Puppet Conf & Puppet Camp talks in general Classification: Public 42
QUESTIONS Classification: Public 43

Recomendados

Puppet Camp Austin 2015: Getting Started with Puppet
Puppet Camp Austin 2015: Getting Started with PuppetPuppet Camp Austin 2015: Getting Started with Puppet
Puppet Camp Austin 2015: Getting Started with PuppetPuppet
 
Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)DECK36
 
Virtual CD4PE Workshop
Virtual CD4PE WorkshopVirtual CD4PE Workshop
Virtual CD4PE WorkshopPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 
Drupal Deployment
Drupal DeploymentDrupal Deployment
Drupal DeploymentJeff Eaton
 
IBM Drupal Users Group Discussion on Managing and Deploying Configuration
IBM Drupal Users Group Discussion on Managing and Deploying ConfigurationIBM Drupal Users Group Discussion on Managing and Deploying Configuration
IBM Drupal Users Group Discussion on Managing and Deploying ConfigurationDevelopment Seed
 
Drupal Deployment
Drupal DeploymentDrupal Deployment
Drupal Deploymentq0rban
 
Puppetizing Your Organization
Puppetizing Your OrganizationPuppetizing Your Organization
Puppetizing Your OrganizationRobert Nelson
 

Recomendados

Puppet Camp Austin 2015: Getting Started with Puppet
Puppet Camp Austin 2015: Getting Started with PuppetPuppet Camp Austin 2015: Getting Started with Puppet
Puppet Camp Austin 2015: Getting Started with PuppetPuppet
 
Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)Our Puppet Story (Linuxtag 2014)
Our Puppet Story (Linuxtag 2014)DECK36
 
Virtual CD4PE Workshop
Virtual CD4PE WorkshopVirtual CD4PE Workshop
Virtual CD4PE WorkshopPuppet
 
2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)2021 04-15 operational verification (with notes)
2021 04-15 operational verification (with notes)Puppet
 
Drupal Deployment
Drupal DeploymentDrupal Deployment
Drupal DeploymentJeff Eaton
 
IBM Drupal Users Group Discussion on Managing and Deploying Configuration
IBM Drupal Users Group Discussion on Managing and Deploying ConfigurationIBM Drupal Users Group Discussion on Managing and Deploying Configuration
IBM Drupal Users Group Discussion on Managing and Deploying ConfigurationDevelopment Seed
 
Drupal Deployment
Drupal DeploymentDrupal Deployment
Drupal Deploymentq0rban
 
Puppetizing Your Organization
Puppetizing Your OrganizationPuppetizing Your Organization
Puppetizing Your OrganizationRobert Nelson
 
Pro Puppet
Pro PuppetPro Puppet
Pro Puppetdsadas
 
Virtual Bolt Workshop - March 16, 2020
Virtual Bolt Workshop - March 16, 2020Virtual Bolt Workshop - March 16, 2020
Virtual Bolt Workshop - March 16, 2020Puppet
 
Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)Eugenio Minardi
 
An introduction to maven gradle and sbt
An introduction to maven gradle and sbtAn introduction to maven gradle and sbt
An introduction to maven gradle and sbtFabio Fumarola
 
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Puppet
 
Introduction to Puppet Scripting
Introduction to Puppet ScriptingIntroduction to Puppet Scripting
Introduction to Puppet ScriptingAchieve Internet
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementJames Turnbull
 
Puppet - Configuration Management Made Eas(ier)
Puppet - Configuration Management Made Eas(ier)Puppet - Configuration Management Made Eas(ier)
Puppet - Configuration Management Made Eas(ier)Aaron Bernstein
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutionsAlessandro Franceschi
 
Virtual Bolt Workshop, 5 May 2020
Virtual Bolt Workshop, 5 May 2020Virtual Bolt Workshop, 5 May 2020
Virtual Bolt Workshop, 5 May 2020Puppet
 
TIAD : Automating the modern datacenter
TIAD : Automating the modern datacenterTIAD : Automating the modern datacenter
TIAD : Automating the modern datacenterThe Incredible Automation Day
 
Puppet Release Workflows at Jive Software
Puppet Release Workflows at Jive SoftwarePuppet Release Workflows at Jive Software
Puppet Release Workflows at Jive SoftwarePuppet
 
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...Puppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
State of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCState of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCPuppet
 
Continuous integration of_puppet_code
Continuous integration of_puppet_codeContinuous integration of_puppet_code
Continuous integration of_puppet_codeDevoteam Revolve
 
Essential applications management with Tiny Puppet
Essential applications management with Tiny PuppetEssential applications management with Tiny Puppet
Essential applications management with Tiny PuppetAlessandro Franceschi
 
Scala and Play with Gradle
Scala and Play with GradleScala and Play with Gradle
Scala and Play with GradleWei Chen
 
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...Simplilearn
 
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...Puppet
 
Manageable Puppet Infrastructure - PuppetConf 2014
Manageable Puppet Infrastructure - PuppetConf 2014Manageable Puppet Infrastructure - PuppetConf 2014
Manageable Puppet Infrastructure - PuppetConf 2014Puppet
 

Mais conteúdo relacionado

Mais procurados

Pro Puppet
Pro PuppetPro Puppet
Pro Puppetdsadas
 
Virtual Bolt Workshop - March 16, 2020
Virtual Bolt Workshop - March 16, 2020Virtual Bolt Workshop - March 16, 2020
Virtual Bolt Workshop - March 16, 2020Puppet
 
Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)Eugenio Minardi
 
An introduction to maven gradle and sbt
An introduction to maven gradle and sbtAn introduction to maven gradle and sbt
An introduction to maven gradle and sbtFabio Fumarola
 
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Puppet
 
Introduction to Puppet Scripting
Introduction to Puppet ScriptingIntroduction to Puppet Scripting
Introduction to Puppet ScriptingAchieve Internet
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementJames Turnbull
 
Puppet - Configuration Management Made Eas(ier)
Puppet - Configuration Management Made Eas(ier)Puppet - Configuration Management Made Eas(ier)
Puppet - Configuration Management Made Eas(ier)Aaron Bernstein
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyamlPuppet
 
Virtual Bolt Workshop, 5 May 2020
Virtual Bolt Workshop, 5 May 2020Virtual Bolt Workshop, 5 May 2020
Virtual Bolt Workshop, 5 May 2020Puppet
 
Puppet Release Workflows at Jive Software
Puppet Release Workflows at Jive SoftwarePuppet Release Workflows at Jive Software
Puppet Release Workflows at Jive SoftwarePuppet
 
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...Puppet
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twentiesPuppet
 
State of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCState of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCPuppet
 
Continuous integration of_puppet_code
Continuous integration of_puppet_codeContinuous integration of_puppet_code
Continuous integration of_puppet_codeDevoteam Revolve
 
Essential applications management with Tiny Puppet
Essential applications management with Tiny PuppetEssential applications management with Tiny Puppet
Essential applications management with Tiny PuppetAlessandro Franceschi
 
Scala and Play with Gradle
Scala and Play with GradleScala and Play with Gradle
Scala and Play with GradleWei Chen
 
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...Simplilearn
 

Mais procurados (20)

Pro Puppet
Pro PuppetPro Puppet
Pro Puppet
 
Virtual Bolt Workshop - March 16, 2020
Virtual Bolt Workshop - March 16, 2020Virtual Bolt Workshop - March 16, 2020
Virtual Bolt Workshop - March 16, 2020
 
Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)Drupal Continuous Integration (European Drupal Days 2015)
Drupal Continuous Integration (European Drupal Days 2015)
 
An introduction to maven gradle and sbt
An introduction to maven gradle and sbtAn introduction to maven gradle and sbt
An introduction to maven gradle and sbt
 
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
Easily Manage Patching and Application Updates with Chocolatey + Puppet - Apr...
 
Introduction to Puppet Scripting
Introduction to Puppet ScriptingIntroduction to Puppet Scripting
Introduction to Puppet Scripting
 
Using Puppet - Real World Configuration Management
Using Puppet - Real World Configuration ManagementUsing Puppet - Real World Configuration Management
Using Puppet - Real World Configuration Management
 
Puppet - Configuration Management Made Eas(ier)
Puppet - Configuration Management Made Eas(ier)Puppet - Configuration Management Made Eas(ier)
Puppet - Configuration Management Made Eas(ier)
 
Puppetcamp r10kyaml
Puppetcamp r10kyamlPuppetcamp r10kyaml
Puppetcamp r10kyaml
 
Puppet evolutions
Puppet evolutionsPuppet evolutions
Puppet evolutions
 
Virtual Bolt Workshop, 5 May 2020
Virtual Bolt Workshop, 5 May 2020Virtual Bolt Workshop, 5 May 2020
Virtual Bolt Workshop, 5 May 2020
 
TIAD : Automating the modern datacenter
TIAD : Automating the modern datacenterTIAD : Automating the modern datacenter
TIAD : Automating the modern datacenter
 
Puppet Release Workflows at Jive Software
Puppet Release Workflows at Jive SoftwarePuppet Release Workflows at Jive Software
Puppet Release Workflows at Jive Software
 
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
Workshop: Know Before You Push 'Go': Using the Beaker Acceptance Test Framewo...
 
Modules of the twenties
Modules of the twentiesModules of the twenties
Modules of the twenties
 
State of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DCState of Puppet 2013 - Puppet Camp DC
State of Puppet 2013 - Puppet Camp DC
 
Continuous integration of_puppet_code
Continuous integration of_puppet_codeContinuous integration of_puppet_code
Continuous integration of_puppet_code
 
Essential applications management with Tiny Puppet
Essential applications management with Tiny PuppetEssential applications management with Tiny Puppet
Essential applications management with Tiny Puppet
 
Scala and Play with Gradle
Scala and Play with GradleScala and Play with Gradle
Scala and Play with Gradle
 
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
Chef vs Puppet vs Ansible vs Saltstack | Configuration Management Tools | Dev...
 

Destaque

Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...Puppet
 
Manageable Puppet Infrastructure - PuppetConf 2014
Manageable Puppet Infrastructure - PuppetConf 2014Manageable Puppet Infrastructure - PuppetConf 2014
Manageable Puppet Infrastructure - PuppetConf 2014Puppet
 
Puppet At Twitter - Puppet Camp Silicon Valley
Puppet At Twitter - Puppet Camp Silicon ValleyPuppet At Twitter - Puppet Camp Silicon Valley
Puppet At Twitter - Puppet Camp Silicon ValleyPuppet
 
Improving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetImproving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetNicolas Brousse
 
OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooinovex GmbH
 
How I hack on puppet modules
How I hack on puppet modulesHow I hack on puppet modules
How I hack on puppet modulesKris Buytaert
 
Foreman presentation at NYC puppet users
Foreman presentation at NYC puppet usersForeman presentation at NYC puppet users
Foreman presentation at NYC puppet usersohadlevy
 
Puppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax Media
Puppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax MediaPuppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax Media
Puppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax MediaPuppet
 
Extending Foreman the easy way with foreman_hooks
Extending Foreman the easy way with foreman_hooksExtending Foreman the easy way with foreman_hooks
Extending Foreman the easy way with foreman_hooksDominic Cleal
 
Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014
Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014
Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014Puppet
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with ForemanJulien Pivotto
 
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014Puppet
 
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013Puppet
 
Foreman in Your Data Center :OSDC 2015
Foreman in Your Data Center :OSDC 2015Foreman in Your Data Center :OSDC 2015
Foreman in Your Data Center :OSDC 2015Stephen Benjamin
 
Foreman in your datacenter
Foreman in your datacenterForeman in your datacenter
Foreman in your datacenterlzap
 
Designing Puppet: Roles/Profiles Pattern
Designing Puppet: Roles/Profiles PatternDesigning Puppet: Roles/Profiles Pattern
Designing Puppet: Roles/Profiles PatternPuppet
 

Destaque (16)

Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
Automating Community Code Contributions to Puppet with Ruby, GitHub, Heroku, ...
 
Manageable Puppet Infrastructure - PuppetConf 2014
Manageable Puppet Infrastructure - PuppetConf 2014Manageable Puppet Infrastructure - PuppetConf 2014
Manageable Puppet Infrastructure - PuppetConf 2014
 
Puppet At Twitter - Puppet Camp Silicon Valley
Puppet At Twitter - Puppet Camp Silicon ValleyPuppet At Twitter - Puppet Camp Silicon Valley
Puppet At Twitter - Puppet Camp Silicon Valley
 
Improving Operations Efficiency with Puppet
Improving Operations Efficiency with PuppetImproving Operations Efficiency with Puppet
Improving Operations Efficiency with Puppet
 
OpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, tooOpenNebula, the foreman and CentOS play nice, too
OpenNebula, the foreman and CentOS play nice, too
 
How I hack on puppet modules
How I hack on puppet modulesHow I hack on puppet modules
How I hack on puppet modules
 
Foreman presentation at NYC puppet users
Foreman presentation at NYC puppet usersForeman presentation at NYC puppet users
Foreman presentation at NYC puppet users
 
Puppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax Media
Puppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax MediaPuppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax Media
Puppet Camp Sydney 2015: Sneak peek into the Puppet environment at Fairfax Media
 
Extending Foreman the easy way with foreman_hooks
Extending Foreman the easy way with foreman_hooksExtending Foreman the easy way with foreman_hooks
Extending Foreman the easy way with foreman_hooks
 
Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014
Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014
Beaker: Automated, Cloud-Based Acceptance Testing - PuppetConf 2014
 
Lifecycle Management with Foreman
Lifecycle Management with ForemanLifecycle Management with Foreman
Lifecycle Management with Foreman
 
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
Puppet Availability and Performance at 100K Nodes - PuppetConf 2014
 
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
 
Foreman in Your Data Center :OSDC 2015
Foreman in Your Data Center :OSDC 2015Foreman in Your Data Center :OSDC 2015
Foreman in Your Data Center :OSDC 2015
 
Foreman in your datacenter
Foreman in your datacenterForeman in your datacenter
Foreman in your datacenter
 
Designing Puppet: Roles/Profiles Pattern
Designing Puppet: Roles/Profiles PatternDesigning Puppet: Roles/Profiles Pattern
Designing Puppet: Roles/Profiles Pattern
 

Semelhante a Puppet Camp Melbourne 2014: Puppet and a DevOps Journey (Beginner)

Ben ford intro
Ben ford introBen ford intro
Ben ford introPuppet
 
Telemetry doesn't have to be scary; Ben Ford
Telemetry doesn't have to be scary; Ben FordTelemetry doesn't have to be scary; Ben Ford
Telemetry doesn't have to be scary; Ben FordPuppet
 
Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...
Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...
Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...DrupalCamp Kyiv
 
Docman - The swiss army knife for Drupal multisite docroot management and dep...
Docman - The swiss army knife for Drupal multisite docroot management and dep...Docman - The swiss army knife for Drupal multisite docroot management and dep...
Docman - The swiss army knife for Drupal multisite docroot management and dep...Aleksey Tkachenko
 
11 tools for your PHP devops stack
11 tools for your PHP devops stack11 tools for your PHP devops stack
11 tools for your PHP devops stackKris Buytaert
 
Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...
Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...
Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...Steve Feldman
 
Webinar - Manage user, groups, packages in windows using puppet
Webinar - Manage user, groups, packages in windows using puppetWebinar - Manage user, groups, packages in windows using puppet
Webinar - Manage user, groups, packages in windows using puppetOlinData
 
PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...
PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...
PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...Puppet
 
SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...
SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...
SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...Chester Chen
 
Creating Developer-Friendly Docker Containers with Chaperone
Creating Developer-Friendly Docker Containers with ChaperoneCreating Developer-Friendly Docker Containers with Chaperone
Creating Developer-Friendly Docker Containers with ChaperoneGary Wisniewski
 
Buytaert kris tools
Buytaert kris toolsBuytaert kris tools
Buytaert kris toolskuchinskaya
 
Add usability testing to your skill set!
Add usability testing to your skill set!Add usability testing to your skill set!
Add usability testing to your skill set!dcmistry
 
Building and Maintaining a Distribution in Drupal 7 with Features
Building and Maintaining a Distribution in Drupal 7 with FeaturesBuilding and Maintaining a Distribution in Drupal 7 with Features
Building and Maintaining a Distribution in Drupal 7 with FeaturesNuvole
 
11 Tools for your Open Source devops stack
11 Tools for your Open Source devops stack 11 Tools for your Open Source devops stack
11 Tools for your Open Source devops stack Kris Buytaert
 
7 tools for your devops stack
7 tools for your devops stack7 tools for your devops stack
7 tools for your devops stackKris Buytaert
 
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8Phase2
 
OpenDayLight (ODL) Project
OpenDayLight (ODL) ProjectOpenDayLight (ODL) Project
OpenDayLight (ODL) ProjectVahid Sadri
 
Big query - Command line tools and Tips - (MOSG)
Big query - Command line tools and Tips - (MOSG)Big query - Command line tools and Tips - (MOSG)
Big query - Command line tools and Tips - (MOSG)Soshi Nemoto
 

Semelhante a Puppet Camp Melbourne 2014: Puppet and a DevOps Journey (Beginner) (20)

Ben ford intro
Ben ford introBen ford intro
Ben ford intro
 
Telemetry doesn't have to be scary; Ben Ford
Telemetry doesn't have to be scary; Ben FordTelemetry doesn't have to be scary; Ben Ford
Telemetry doesn't have to be scary; Ben Ford
 
Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...
Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...
Don’t fight with windmills. Upgrade path tool from OpenY distro - Igor Karpil...
 
Docman - The swiss army knife for Drupal multisite docroot management and dep...
Docman - The swiss army knife for Drupal multisite docroot management and dep...Docman - The swiss army knife for Drupal multisite docroot management and dep...
Docman - The swiss army knife for Drupal multisite docroot management and dep...
 
11 tools for your PHP devops stack
11 tools for your PHP devops stack11 tools for your PHP devops stack
11 tools for your PHP devops stack
 
Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...
Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...
Ensure Optimal Performance and Scalability: Implementing a Robust and Reliabl...
 
Webinar - Manage user, groups, packages in windows using puppet
Webinar - Manage user, groups, packages in windows using puppetWebinar - Manage user, groups, packages in windows using puppet
Webinar - Manage user, groups, packages in windows using puppet
 
PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...
PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...
PuppetConf 2016: Getting to the Latest Puppet – Nate McCurdy & Elizabeth Witt...
 
SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...
SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...
SF Big Analytics talk: NVIDIA FLARE: Federated Learning Application Runtime E...
 
Creating Developer-Friendly Docker Containers with Chaperone
Creating Developer-Friendly Docker Containers with ChaperoneCreating Developer-Friendly Docker Containers with Chaperone
Creating Developer-Friendly Docker Containers with Chaperone
 
Open event presentation.3 2
Open event presentation.3 2Open event presentation.3 2
Open event presentation.3 2
 
Buytaert kris tools
Buytaert kris toolsBuytaert kris tools
Buytaert kris tools
 
Add usability testing to your skill set!
Add usability testing to your skill set!Add usability testing to your skill set!
Add usability testing to your skill set!
 
Building and Maintaining a Distribution in Drupal 7 with Features
Building and Maintaining a Distribution in Drupal 7 with FeaturesBuilding and Maintaining a Distribution in Drupal 7 with Features
Building and Maintaining a Distribution in Drupal 7 with Features
 
11 Tools for your Open Source devops stack
11 Tools for your Open Source devops stack 11 Tools for your Open Source devops stack
11 Tools for your Open Source devops stack
 
7 tools for your devops stack
7 tools for your devops stack7 tools for your devops stack
7 tools for your devops stack
 
Sprint 69
Sprint 69Sprint 69
Sprint 69
 
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
A FUTURE-FOCUSED DIGITAL PLATFORM WITH DRUPAL 8
 
OpenDayLight (ODL) Project
OpenDayLight (ODL) ProjectOpenDayLight (ODL) Project
OpenDayLight (ODL) Project
 
Big query - Command line tools and Tips - (MOSG)
Big query - Command line tools and Tips - (MOSG)Big query - Command line tools and Tips - (MOSG)
Big query - Command line tools and Tips - (MOSG)
 

Mais de Puppet

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscodePuppet
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codePuppet
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approachPuppet
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationPuppet
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliancePuppet
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowPuppet
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Puppet
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppetPuppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping groundPuppet
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy SoftwarePuppet
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User GroupPuppet
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsPuppet
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyPuppet
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkPuppet
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet
 
Bolt on Windows - James Pogran
Bolt on Windows - James PogranBolt on Windows - James Pogran
Bolt on Windows - James PogranPuppet
 

Mais de Puppet (20)

Puppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepoPuppet camp2021 testing modules and controlrepo
Puppet camp2021 testing modules and controlrepo
 
Puppet camp vscode
Puppet camp vscodePuppet camp vscode
Puppet camp vscode
 
Applying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance codeApplying Roles and Profiles method to compliance code
Applying Roles and Profiles method to compliance code
 
KGI compliance as-code approach
KGI compliance as-code approachKGI compliance as-code approach
KGI compliance as-code approach
 
Enforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automationEnforce compliance policy with model-driven automation
Enforce compliance policy with model-driven automation
 
Keynote: Puppet camp compliance
Keynote: Puppet camp complianceKeynote: Puppet camp compliance
Keynote: Puppet camp compliance
 
Automating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNowAutomating it management with Puppet + ServiceNow
Automating it management with Puppet + ServiceNow
 
Puppet: The best way to harden Windows
Puppet: The best way to harden WindowsPuppet: The best way to harden Windows
Puppet: The best way to harden Windows
 
Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020Simplified Patch Management with Puppet - Oct. 2020
Simplified Patch Management with Puppet - Oct. 2020
 
Accelerating azure adoption with puppet
Accelerating azure adoption with puppetAccelerating azure adoption with puppet
Accelerating azure adoption with puppet
 
Puppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael PinsonPuppet catalog Diff; Raphael Pinson
Puppet catalog Diff; Raphael Pinson
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Take control of your dev ops dumping ground
Take control of your dev ops dumping groundTake control of your dev ops dumping ground
Take control of your dev ops dumping ground
 
100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software100% Puppet Cloud Deployment of Legacy Software
100% Puppet Cloud Deployment of Legacy Software
 
Puppet User Group
Puppet User GroupPuppet User Group
Puppet User Group
 
Continuous Compliance and DevSecOps
Continuous Compliance and DevSecOpsContinuous Compliance and DevSecOps
Continuous Compliance and DevSecOps
 
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick MaludyThe Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
The Dynamic Duo of Puppet and Vault tame SSL Certificates, Nick Maludy
 
ServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin ReeuwijkServiceNow and Puppet- better together, Kevin Reeuwijk
ServiceNow and Puppet- better together, Kevin Reeuwijk
 
Puppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav HadzhievPuppet in k8s, Miroslav Hadzhiev
Puppet in k8s, Miroslav Hadzhiev
 
Bolt on Windows - James Pogran
Bolt on Windows - James PogranBolt on Windows - James Pogran
Bolt on Windows - James Pogran
 

Último

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataBradBedford3
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerThousandEyes
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)OPEN KNOWLEDGE GmbH
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsJhone kinadey
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...OnePlan Solutions
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...stazi3110
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 

Último (20)

Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer DataAdobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
Adobe Marketo Engage Deep Dives: Using Webhooks to Transfer Data
 
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected WorkerHow To Troubleshoot Collaboration Apps for the Modern Connected Worker
How To Troubleshoot Collaboration Apps for the Modern Connected Worker
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)Der Spagat zwischen BIAS und FAIRNESS (2024)
Der Spagat zwischen BIAS und FAIRNESS (2024)
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
Building a General PDE Solving Framework with Symbolic-Numeric Scientific Mac...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 

Puppet Camp Melbourne 2014: Puppet and a DevOps Journey (Beginner)

  • 1. Classification: Public Puppet and A DevOps Journey Keith Ferguson Puppet Camp Melbourne 2014
  • 2. TODAY Who am I? What is ANZ GCIS? Our challenges Our approach Lessons Learnt (a.k.a. Things I Wish We Knew at the Beginning) Storing sensitive information in Hiera Classification: Public 2
  • 3. WHAT IS ANZ GCIS Classification: Public 3 Global Customer Integration Solution
  • 4. WHAT IS ANZ GCIS $30.00 Billion $25.00 $20.00 $15.00 $10.00 $5.00 Classification: Public 4 350% 300% 250% 200% 150% 100% 50% 0% Customer Growth Oct-12 Oct-13 $- Value Processed Oct-12 Oct-13
  • 5. GCIS DEVELOPMENT – MARCH 2014 4 teams, ~40 people Windows Server / .NET / IIS / Microsoft SQL ~50 servers across 5 environments (Prod/DR + 4 non-prod environments) Agile (scrum) Supporting Tools: Git Atlassian: Bamboo, Stash, Jira, Confluence Powershell RDP & Elbow Grease Classification: Public 5
  • 6. GCIS DEVELOPMENT – MARCH 2014 Things We Did Well CI & Deployment Automation – ~8k builds, 2.5k non-prod deploys / month Test Automation – On commit & nightly for all channels Delivering change to our existing channels Classification: Public 6 9 8 7 6 5 4 3 2 1 0 Production Releases Jan Feb Mar Apr May Jun Jul Aug Sep Oct
  • 7. GCIS DEVELOPMENT – MARCH 2014 Things We Needed To Do Better Management of complexity — Dependencies and change Delivery of new channels — Infrastructure & configuration of application containers 3rd level support & ops Classification: Public 7
  • 8. CHALLENGE 1 — DEPENDENCIES & CHANGE Classification: Public UAT ENVIRONMENT 8 3 2 1 We Had:
  • 9. CHALLENGE 1 — DEPENDENCIES & CHANGE PROJECT 1 PROJECT 2 PROJECT 3 Classification: Public 9 We Needed:
  • 10. CHALLENGE 2 — GROWTH IN CHANNELS 10 5 Classification: Public 10 0 2012 2013 2014 2015
  • 11. CHALLENGE 3 — 3RD LEVEL OPS Little to no production access No broad knowledge of production infrastructure Heavy reliance on key team members Far removed from incidents Classification: Public 11
  • 12. Classification: Public 12 APPROACH APPLICATION INSIGHT CENTRALIZED LOGGING CONFIGURATION MANAGEMENT
  • 13. OUR APPROACH Puppet Enterprise vs. Open Source Classification: Public
  • 14. OUR APPROACH 1. Dedicate somebody 2. Spike it, try to understand it Classification: Public 14
  • 15. OUR APPROACH Classification: Public 15 https://docs.puppetlabs.com/pe/latest/images/puppet/pe-configuration-data.png
  • 16. OUR APPROACH 1. Dedicate somebody 2. Spike it, try to understand it 3. Identify the right questions 4. Training for a core group – Puppet Fundamentals 5. Implement the framework 6. Expand usage across team Classification: Public 16
  • 17. ROLES & PROFILES Puppet Is Code. Abstractions Matter A node has one role A role is composed of one or more profiles Profiles are composed of module declarations Craig Dunn: https://puppetlabs.com/presentations/designing-puppet-rolesprofiles-pattern Classification: Public 17
  • 18. ROLES & PROFILES Classification: Public 18 site.pp wordpress.pp db.pp node wp { include role::wordpress } class role::wordpress { include profile::db include profile::db::php include profile::wordpress } class profile::db { class { 'mysql::server': Adapted from https://github.com/hunner/roles_and_profiles config_hash => { 'root_password' => '8ZcJZFHs...' } } } class role::wordpress_web { include profile::wordpress } class role::wordpress_db { include profile::db include profile::db::php } site.pp node wp_web { include role::wordpress_web } node wp_db { include role::wordpress_db } roles
  • 19. CLASSIFICATION Site.pp Classification: Public 19 node 'www1.example.com’, 'www1.example.com' { include profile::common include profile::apache } node /^(foo|bar)d+.example.com$/ { include profile::common }
  • 20. CLASSIFICATION AT THE NODE Define a role Fact 2 site.pp Classification: Public 20 1 node default { } include $::role On the node: puppet config set role ‘role::some_role’ Or remotely: Invoke-Command –ComputerName c1,c2 –ScriptBlock {puppet config set role ‘role::some_role’} 3 CON > Not secure for multi-tenant environments > Node classification is not version controlled PRO > Simple & flexible > Great for dynamic environments
  • 21. PACKAGING ON WINDOWS Like Yum/Apt-Get for Windows, Powered by NuGet & Powershell Classification: Public 21 https://chocolatey.org
  • 22. PACKAGING ON WINDOWS $chocolatey_package_list = [ ] package { $chocolatey_package_list: } Classification: Public 22 Chocolatey Package Provider for Puppet: 'powershell4', 'DotNet4.5', 'git.install', ensure => installed, provider => 'chocolatey', https://forge.puppetlabs.com/rismoney/chocolatey
  • 23. PACKAGING ON WINDOWS Classification: Public 23 Constraints No internet access Trust Package availability
  • 24. PACKAGING ON WINDOWS Package1 |--- Package1.nuspec |--- ChocolateyInstall.ps1 |--- ChocolateyUninstall.ps1 Package2 |--- Package2.nuspec |--- ChocolateyInstall.ps1 |--- ChocolateyUninstall.ps1 Classification: Public 24 Binaries Archive IIS nuget feed Install-ChocolateyPackage ... -checksum 'EE01FC4110C73A8E5EFC7CABDA0F5FF7'
  • 25. R10K IS KEY TO WORKFLOW Do you want? Multiple environments from a single puppet master Dynamic environments eg from feature branches Declarative management of puppet modules: Puppetfile If so you want r10k: https://github.com/adrienthebo/r10k ‘Smarter Puppet deployment, powered by killer robots’ Classification: Public 25 forge "https://forge.puppetlabs.com" mod 'puppetlabs-ntp', "0.0.3” mod 'puppetlabs-apt', :git => "git://github.com/puppetlabs/puppetlabs-apt.git"
  • 26. R10K DEPLOYMENT Classification: Public 1. Repository Trigger 2. Webhook to r10k 3. git: fetch branch to puppet master
  • 27. GOVERNANCE Trust, but verify: Code Minimum approvers policy for PRs Pull request please plugin: Workzone plugin: - PR reviewer addition via policy (Users + Groups) - Automated un-approval on PR change Classification: Public 27 ____ _ _ ____ _ ___ _ | _ _ _ | || | | _ ___ __ _ _ _ ___ ___ | |_ |__ | | | |_) || | | || || | | |_) | / _ / _` || | | | / _ / __|| __| / /| | | __/ | |_| || || | | _ < | __/| (_| || |_| || __/__ | |_ |_| |_| |_| __,_||_||_| |_| _ ___| __, | __,_| ___||___/ __| (_) (_) |_| Please raise a pull request to merge code to this branch.
  • 28. GOVERNANCE Trust, but verify: Deployment Classification: Public 28
  • 29. R10K & PUPPETFILE Challenge: Puppetfile functionality runs on the master Master needs to download modules from somewhere Master has no internet access Trust Classification: Public 29
  • 30. R10K MODULE WORKFLOW acidprime/r10k * master Classification: Public devops/r10k Puppetfile mod 'r10k', * gcis-master / * master :git => 'ssh://git@stash/r10k.git', :ref => 'gcis-master'
  • 31. WHEN IS AN ENVIRONMENT NOT AN ENVIRONMENT Do you want to stage the rollout of puppet code across Production? If yes: production is not a puppet environment, it’s an application environment (tier) Puppet environments exist to apply different revisions of code to different nodes Application environments are how you want to configure (hiera) your code Classification: Public 31 |-- prod_a.yaml |-- prod_b.yaml |-- dr_a.yaml |-- dr_b.yaml Problem: Hiera: "%{environment}” Solution: Custom fact ‘tier’: puppet config set tier ‘production’ Hiera: "%{::tier}" |-- production.yaml |-- uat.yaml |-- sit.yaml |-- st.yaml http://garylarizza.com/blog/2014/03/26/random-r10k-workflow-ideas/
  • 32. USE PUPPET TO MANAGE PUPPET Example: Hiera.yaml Classification: Public 32 --- :backends: - yaml :logger: console :hierarchy: - "nodes/%{::clientcert}" - "%{environment}" - global :yaml: :datadir: /etc/puppetlabs/puppet/hiera/%{environment}/
  • 33. USE PUPPET TO MANAGE PUPPET Example: Hiera.yaml via Puppet – https://forge.puppetlabs.com/hunner/hiera Classification: Public 33 class { '::hiera': backends => ['yaml’], datadir => '/etc/puppetlabs/puppet/hiera/%{environment}/', hierarchy => [ 'servers/%{::clientcert}’, '%{environment}’, 'global', ], }
  • 34. USE PUPPET TO MANAGE PUPPET Classification: Public 34 Example: Install & configure r10k - https://forge.puppetlabs.com/zack/r10k class profile::puppet::master { class { 'r10k': version => '1.3.1', sources => { 'puppet' => { 'remote' => 'ssh://git@stash/puppet.git', 'basedir' => "${::settings::confdir}/environments", 'prefix' => false, }, 'hiera' => { 'remote' => 'ssh://git@stash/hiera.git', 'basedir' => "${::settings::confdir}/hiera", 'prefix' => false, }, }, purgedirs => ["${::settings::confdir}/environments", "${::settings::confdir}/hiera" ], manage_modulepath => true, modulepath => "${::settings::confdir}/environments/$environment/modules:${::settings::… mcollective => true, } }
  • 35. STORING SENSITIVE INFORMATION IN HIERA Hiera-eyaml: https://github.com/TomPoulton/hiera-eyaml /etc/puppetlabs/puppet/hiera.yaml Classification: Public 35 --- :backends: - eyaml :eyaml: :datadir: /etc/puppet... :extension: "yaml" :pkcs7_private_key: "/etc/..." :pkcs7_public_key: "/etc/..." /etc/puppetlabs/puppet/hiera/prod.yaml --- profile::my_app::app_secret: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoII BejCCAXYCAQAxggEhMIIBHQIBADAFMAAC AQEwDQYJKoZIhvcNAQEBBQAEggEAWLZRf TW8YxvCOf4akyxYdBV5m2AdF+HF85Cz lqw8qQNKW9oMqktgyaoNzOMGufr0rp2BO zrdQ+/z3bmQ9HPK2qqJ1k/n/jX9 D5lf5ReEKj5VnhnLblbLyI5HCfLbR...]
  • 36. STORING SENSITIVE INFORMATION IN HIERA /etc/puppetlabs/puppet/hiera.yaml Classification: Public 36 0000 + --- :backends: - eyaml :eyaml: :datadir: /etc/puppet... :extension: "yaml" :pkcs7_private_key: "/etc/..." :pkcs7_public_key: "/etc/..." /etc/puppetlabs/puppet/hiera/prod.yaml --- profile::my_app::app_secret: > ENC[PKCS7,MIIBiQYJKoZIhvcNAQcDoII BejCCAXYCAQAxggEhMIIBHQIBADAFMAAC AQEwDQYJKoZIhvcNAQEBBQAEggEAWLZRf TW8YxvCOf4akyxYdBV5m2AdF+HF85Cz lqw8qQNKW9oMqktgyaoNzOMGufr0rp2BO zrdQ+/z3bmQ9HPK2qqJ1k/n/jX9 D5lf5ReEKj5VnhnLblbLyI5HCfLbR...]
  • 37. STORING SENSITIVE INFORMATION IN HIERA Classification: Public 37 Hardware Security Module (HSM) Provides network based FIPS 140-2 Level 3 secure cryptographic services Puppet Integration: Custom hiera eyaml encryptor: https://github.com/acidprime/hiera-eyaml-pkcs11 Operates in two modes: Native pkcs11 or OpenSSL CHIL RSA encryption – Private key is protected by HSM, public key is committed to version control Native mode will not work in PE >= 3.4 due to jruby Currently limited by RSA block size
  • 39. SUMMARY Roles & Profiles Pattern Classification at the node Chocolatey for packaging on Windows Use r10k & build a good workflow, governance included Puppet environments aren’t application environments Use Puppet to manage puppet The community is excellent, use it Storing sensitive information in hiera – This is a risk weighted decision Classification: Public 39
  • 40. WHERE ARE WE NOW > Started in March > Appdynamics, Splunk & Puppet all operational > Deployed & configured AD + Splunk agents via Puppet & Chocolatey (and upgraded since) > Functional vagrant workflow integrated with vmware through the vagrant-vsphere plugin > Puppet framework is stable, expanding use to broader team > On-demand testing environments are a WIP Classification: Public 40
  • 41. THANKS My Team — Dylan Ratcliffe — William Gaunt — Laith Murad GCIS Infrastructure Team — Lee Murphy — Sathish Kannan Brett Gray & Zack Smith Gary Larizza & Craig Dunn Rob Reynolds Classification: Public 41
  • 42. LINKS & INFORMATION Contact Info: keith.ferguson@anz.com; linkedin.com/in/keithferguson Tools r10k - https://github.com/adrienthebo/r10k – read the docs not just the readme r10k configuration module - https://github.com/acidprime/r10k hiera eyaml - https://github.com/TomPoulton/hiera-eyaml hiera eyaml pkcs11 backend - https://github.com/acidprime/hiera-eyaml-pkcs11 Reading / Learning Gary Larizza – http://garylarizza.com/ – Building a functional puppet workflow series is great Rob Nelson Puppet for vSphere Admins – http://rnelson0.com/puppet-for-vsphere-admins/ Crag Dunn’s Roles & Profiles Pattern Talk – https://puppetlabs.com/presentations/ designing-puppet-rolesprofiles-pattern Puppet Conf & Puppet Camp talks in general Classification: Public 42